Monday, August 17, 2020

HPE/Silver Peak - Features by software release

This is a summary of VAOX/ECOS and GMS/Orchestrator software features and the version from which they were added.


▶ Features by VXOA software release


  • ECOS 9.0

• Advanced Segmentation (VRF)
• Secure Shell Access
• Enhanced Multicast Support
• Improved Software Upgrade Stability
• Enhancements to Disabled Subnet Sharing via IP SLA
• Custom Tags in YAML Preconfig
• IPSec Anti-Replay Improvements to support a window size of up to 64K
• Multiple Domain Matches in DNS Cache
• Port Flexibility for Bonding

  • ECOS 8.3

• Remote IP Logged for TACACS+ and RADIUS
• (8.3.0.4) - The spsadmin account has been removed.
• (8.3.0.4) - Appliances can now be configured to reject self-signed certificates. This feature addresses CVE-2020-12143 and CVE-2020-12143.
• (8.3.0.4) - A new IKE-less seed distribution mechanism is now supported in ECOS. This feature addresses CVE-2020-12142.
• (8.3.0.4) - API changes have been made to restrict traversal of other directories, limiting access to sensitive data.
• (8.3.1.0) - Changes have been made that greatly reduce or eliminate the possibility of a cross-site forgery request (CSRF) on the appliance.
• (8.3.1.0) - Support for 25 Gbps fiber interface cards in the EC-XL appliance.
• (8.3.1.0) - Added a new custom bonding option that performs load-balancing based on tunnel capacity.
• (8.3.1.0) - Added a new link bonding option that supports user-configurable link prioritization and traffic steering/load balancing policies.
• (8.3.1.0) - IPSec anti-replay window protection has been enhanced to support window size of up to 64K.
• (8.3.1.0) - Traceroute is now supported across stateful-SNAT firewall type, across allow-all type with NAT configured, as well as across EdgeHA links.
• (8.3.1.0) - The Top Applications report now excludes Silver Peak control (non-user) traffic.
• (8.3.1.0) - Ping IPSLA monitor has been enhanced to include loss/latency measurements and thresholds.
• (8.3.1.0) - Ping IPSLA can now be directed into a 3rd party IPSec or GRE tunnel.
• (8.3.1.0) - EC-V now supports up to 32 interfaces along with auto-mac configuration.
• (8.3.1.0) - IPv6 DHCP is now supported on WAN interfaces.
• (8.3.1.0) - The internet breakout feature has been enhanced, enabling selection of the best quality internet link for local break-out based on user-defined criteria.
 

  • VXOA 8.2

• Branch NAT
• Multi-Region Subnet Sharing
• IPSec Service Chaining IKEv2
• BGP over IPSec
• Multicast GUI Support
• BGP Configuration of Source Address
• (8.2.1) - Route Filtering
• (8.2.1) - IPFIX Enhancements
• (8.2.1) - LAN-side VTI
• (8.2.1) - Dead Peer Detection (DPD) for IPSec Service Chaining
• (8.2.1) - Application Inference Engine

  • VXOA 8.1 

• Enhanced Application Visibility
• BGP Routing
• Interface bonding on 10Gbps ports
• IPv6 UPD, GRE and IPSec tunnels
• SHA-2 Hash for IPSec
• Extended DHCP Server Options
• SNMPv3 Enhancements
• Custom HTTPS certificate support for appliance management
• Flow redirection on any configured physical interface
• Return passthrough traffic to L2 sender
• (8.1.3) Fine grained control of management traffic
• (8.1.4) DNS Application Classification Enhancement
• (8.1.4) Internet Breakout with Stateful Firewall and NAT
• (8.1.5) IP SLA tracking
• (8.1.5) PPPoE Interfaces
• (8.1.5) Redesigned Configuration > Interfaces page
• (8.1.5) Improved Application Classification by Port
• (8.1.5) Per-Flow Maximum Rate Control
• (8.1.5.3) EC-US Appliance Support
• (8.1.5.3) Modified High Efficiency Bonding
• (8.1.6) Edge High Availability
• (8.1.6) IPSec UDP Overlays (IKEless tunnels)
• (8.1.6) Mini License (supports up to 50mbps)
• (8.1.6) Configurable BGP Parameters (Local Preference • MED (Multi-Exit Discriminator) • AS Prepend Count • Keep Alive Timer • Hold Timer)
• (8.1.6) Configurable Interface for SAAS Probes
• (8.1.7) IPv6 Support for Inline Router Mode
• (8.1.7) BGP Enhancements (Soft reset • Input Metric • Communities)
• (8.1.7) Inbound Port Forwarding
• (8.1.7) Shaper Enhancements (Rebalance)
• (8.1.7) TCP MSS Clamping for Internet Breakout
• (8.1.7) Flow Redirection on WAN Interfaces
• (8.1.7) TCP Acceleration for IPv6
• (8.1.7) Cloud-Init Support
• (8.1.7) OSPF (Beta)
• (8.1.8) Zone Based Firewall
• (8.1.8) 3rd party IPSec Tunnels
• (8.1.8) IPFIX
• (8.1.8) IP SLA Enhancements

  • VXOA 8.0 

• Business Intent Overlays
• Deployment Profiles
• Packet-Based Dynamic Path Control (DPC) or Bonded Tunnels
• Built-in DHCP server and relay
• Inbound QoS
• Support for IPv6 PBR deployments
• (8.0.3) - Support for additional hardware appliance part numbers

  • VXOA 7.3 

• Support for the Unity EdgeConnect XS and V.
• Current Flows tab can report on flows that are experiencing slow LAN-side performance.
• Reset non-accelerated TCP connections.
• DRC configuration now available on web interface: Configuration > Shaper
• (7.3.1) - Support for the Unity EdgeConnect L, XL
• (7.3.2) - Support for the Unity EdgeConnect S
• (7.3.3) - Fast fail (sub-second failover) for Dynamic Path Control (DPC)
• (7.3.3) - Support for the Unity EdgeConnect M




Features by GMS/Orchestrator Software Release


  • Orchestrator 9.0

• Increased Retention for New Daily Stats, now 3 months.
• Advanced Segmentation (VRF)
• YAML Preconfig Support for Routing Segmentation
• YAML Preconfig Supports Custom Tags
• Secure Shell Access
• SAML 2.0 Integration
• Enhanced Authentication Between Orchestrator and Cloud Portal
• Allowed External IPs in Cloud Orchestrator
• Live Troubleshooting for Down Tunnels

  • Orchestrator 8.10

• Intelligent Upgrades

  • Orchestrator 8.9

• IKE-less Seed Distribution To address CVE-2020-12142
• Portal Migration Wizard The Orchestrator
• Auto-prune Tunnels from Removed Appliances
• Improved Response Times for Top ‘X’ Charts
• Support for New Alarm: Insufficient Bandwidth for Tunnels
• OAuth 2.0 Support for Identity Access Management (IAM)
• (8.9.2) - Disable Self-signed Certificates To address CVE-2020-12143 and CVE-2020-12144
• (8.9.2) - Loopback Orchestration

  • Orchestrator 8.8

• PPPoE in preconfiguration
• Loopback & VTI in preconfig
• Ikev2 enhancements
• Reset flows confirmation
• BGP ASN and Local communities
• Maintenance Mode
• Notification Banner
• Tunnels to Hubs in other region
• DHCP Failover
• Bandwidth tier licensing
• (8.8.3) IPFIX UI Enhancements
• (8.8.3) Increased Capacity for Inbound Port Forwarding Rules, up to 100
• (8.8.3) Route Map Enhancements
• (8.8.3) Microsoft Virtual WAN Orchestration (beta)
• (8.8.3) Zscaler Orchestration to support load balancing of IPSec tunnels and support for new geo-location APIs
• (8.8.3) Check Point Integration

  • Orchestrator 8.7

• Branch NAT
• DHCP relay per VLAN
• Source address for BGP
• ACL Policy enhancement
• Display peer role (hub/spoke) in routes
• Added capability to configure the logging level for implicit firewall drop between zones.
• Loopback interfaces in Appliance Wizard
• VTI and Loopback Interfaces
• Redesigned BIO and regional overlays
• Realtime updates from Microsoft Office 365
• Role based access
• Alarm Suppression
• TACACS and RADIUS enhancements. Support “Remote only” and “Local if Remote Unavailable”

  • Orchestrator 8.6

• Multicast routing
• Firewall rule logging
• Tech Support - Orchestrator tab improvement. Files can now be downloaded to the Orchestrator first
• Routes Tab Filter
• Flows tab improvements - new filters:Overlay and Transport filters, Flow characteristics, • Duration filters, Include built-in and HA, and various other checkboxes
• Zscaler Orchestration
• Support Any Protocol in Inbound Port Forwarding
• Verify Email Address optional if Orchestrator is configured with a custom SMTP server
• Regions Tab
• License revocation and grant support for metered license model
• Firewall logging for Security Policies

  • Orchestrator 8.5

• Orchestrator has been redesigned to handle large networks.
• MOS Statistics
• Define Custom severity for Alarms
• Delay Alarm Emails
• Backup Orchestrator to HTTPS or SFTP servers as well as FTP, HTTP and SCP
• Pre-Configuration using YAML files in Orchestrator before Zero Touch Provisioning occurs.
• HTTP/HTTPS IPSLA ping monitors
• IPFIX support
• Wild Card Based prefix Matching in Policies
• Block Network Orchestation via Cloud Portal
• Preconfiguration
• Allow ECDSA certificates for Saas
• Health map sorting
• 'Find Preferred Route' dialog available when editing Configuration > Routes
• Configurable Statistics Retention
• Overlapping LAN side subnets
• Support IPv6 internal subnets on the Business Intent Overlay page
• Configurable tunnel alarm aggregation
• Notes for interfaces on Deployment page
• Boost Trends report
• Software Versions tab redesigned
• Preconfiguration Passthrough Tunnels and Flow Redirection
• IP Directed Broadcast available in templates
• Nonaccelerated TCP Inactivity Timeout available in System template
• New routes states that indicate peer’s role as Hub or Spoke
• BGP Graceful restart
• Zone based Firewall Statistics
• Suppress Tunnel creation using Tunnel Exceptions tab
• (8.5.2) Orchestration ETA progress and prioritization

  • Orchestrator 8.4

• Overlay ACL
• Maximum Orchestrator backups to retain now configurable
• RMA Wizard
• Upgrade appliances via Configuration Wizard
• Tree filters
• Transceiver information for EC-M-B and EC-M-P models SFP interfaces
• Admin up/down datapath interfaces
• Account key protection
• IP/Port wildcard pattern match
• IPFIX Flow Export
• IPSLA HTTP Ping
• Enable / Disable Default DNS Lookup
• Auto-MTU Discovery Scheduler
• Interface Dynamic Rate Control
• Compound Applications
• IPSec Pass-Through Tunnels

  • Orchestrator 8.3

• Overlay Region Support
• Orchestration of Templates (Groups)
• Inbound Port Forwarding Orchestration
• Cross Connect Grouping
• (8.3.3) OSPF support
• (8.3.3) Interface Bandwidth Summary report
• (8.3.3) Orchestrator in-place upgrade (no revert to previous Orch version from this point on)
• (8.3.3) Appliance Flow Trends tab enhancements
• (8.3.3) Authentication protocols for TACACS and RADIUS
• (8.3.3) Alarms in CSV format
• (8.3.3) CLI shell from UI
• (8.3.3) Remote assistance
• (8.3.3) TCP MSS clamping
• (8.3.6) Unreachable appliances are now shown grey in the tree
• (8.3.6) Network Manager role deprecated
• (8.3.6) Saas ping interface configurable
• (8.3.6) Configurable VLAN for Edge HA
• (8.3.6) Pause Orchestration

  • Orchestrator 8.2

• IPSec UDP overlays
• Packets per second trends tab
• Tech Support improvements (appliance and Orchestrator tabs)
• Orchestrator system dump
• Application Visibility and Classification (AVC)
• Edge Connect High Availability HA Support
• Controlling statistics collection
• IP Whitelist

  • Orchestrator 8.1

• Improved Health Dashboard
• Dynamic Topology Geomap
• Live View
• Traceroute support in the GUI
• Policy maps enhancements
• BGP support
• Flow tab enhancement
• Top Talkers, domains, countries and ports
• Tunnel Bandwidth, DSCP, Jitter and Traffic Class Pie Charts
• Appliance Flow, DSCP, QoS and Jitter Trends
• Scheduled reports improvements
• HTTPS Certificates Upload template
• Custom SSL certificate for Orchestrator UI
• Geo location support for Discovered Appliances tab
• Deployment configuration tab improvements
• DHCP leases by appliance
• Built-in applications
• Overlay Manager controls
• Overlay boost button improvement

  • Orchestrator 8.0

• Health Dashboard
• Deployment Profiles
• Overlay Topology
• Tunnel charts per overlay
• Labels (VXOA 8.0)
• Tunnel Groups replace Tunnel Builder (VXOA 6.2.11)
• Shaper, policy and ACL template support (VXOA 8.0)
• Registration removed from Cloud Portal template (VXOA 7.0)
• VRRP Template (VXOA 6.2.11)
• Tunnel templates now support fast fail threshold (VXOA 7.3.3)
• New Shaper report (VXOA 8.0)
• Consolidated Audit Log tab
• Appliance Configuration backup (VXOA 6.2.11)
• New Deployment report
• Bulk import subnets from .csv now supported

  • Orchestrator 7.3 (EoL)

• Appliance discovery (VXOA 6.2.11)
• Tunnel summary report
• Scheduled group reboot/shutdown
• Scheduled group QoS map activation
• SMTP settings dialog
• Scheduled timezone dialog
• Third party licenses page
• Silver Peak appliances licenses page
• Cloud Portal registration template (VXOA 7.2)
• SaaS Optimization template (VXOA 7.2)
• CLI template (VXOA 6.2.11)

  • GMS 7.2 (EoL)

• HTML email reports (VXOA 6.2)
• Appliance discovery (VXOA 6.2.10)
• Alarms via email
• Time based QoS (VXOA 6.2)
• GMS Backup
• Historical Jobs
• VMware vROps Integration (VXOA 6.2.10)
• New charts added
• New templates added
• New configuration reports added
• REST API


No comments: